Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
1Klocu2k7B.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.chk
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
MPEG-4 LOAS
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0x19829a5b, page size 16384, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
|
Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
|
modified
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_1Kl_a1541ba52dc63323fed23d3e53a9a9cb75f9b_81420264_12a83c82\Report.wer
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER188F.tmp.dmp
|
Mini DuMP crash report, 15 streams, Sat May 14 12:09:41 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER28CC.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER33E9.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe /s C:\Users\user\Desktop\1Klocu2k7B.dll
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\1Klocu2k7B.dll",#1
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\1Klocu2k7B.dll,DllRegisterServer
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\EdxEJLGuNzzgO\shzaWNvELlzUCv.dll"
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\1Klocu2k7B.dll,DllUnregisterServer
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k NetworkService -p
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k unistacksvcgroup
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\JRkpZLNCkFz\TYmfFCbFTVEkATZ.dll"
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
|
|
|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\1Klocu2k7B.dll"
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\1Klocu2k7B.dll",#1
|
||
|
C:\Windows\System32\SgrmBroker.exe
|
C:\Windows\system32\SgrmBroker.exe
|
||
|
C:\Program Files\Windows Defender\MpCmdRun.exe
|
"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 992 -s 316
|
There are 14 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://23.239.0.12/
|
23.239.0.12
|
|
|
|
https://23.239.0.12/&
|
unknown
|
|
|
|
https://dev.ditu.live.com/REST/v1/Routes/
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/Driving
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Traffic/Incidents/
|
unknown
|
||
|
https://t0.tiles.ditu.live.com/tiles/gen
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/Walking
|
unknown
|
||
|
https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
|
unknown
|
||
|
https://dev.ditu.live.com/mapcontrol/logging.ashx
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
|
unknown
|
||
|
https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?entry=
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Transit/Schedules/
|
unknown
|
||
|
https://www.hotspotshield.com/terms/
|
unknown
|
||
|
https://www.pango.co/privacy
|
unknown
|
||
|
https://ecn.dev.virtualearth.net/mapcontrol/roadshield.ashx?bucket=
|
unknown
|
||
|
http://www.bingmapsportal.com
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Imagery/Copyright/
|
unknown
|
||
|
https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
|
unknown
|
||
|
https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
|
unknown
|
||
|
https://www.disneyplus.com/legal/your-california-privacy-rights
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Transit/Stops/
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Traffic/Incidents/
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Transit/Stops/
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
|
unknown
|
||
|
https://www.tiktok.com/legal/report/feedback
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
|
unknown
|
||
|
https://%s.xboxlive.com
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Locations
|
unknown
|
||
|
https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
|
unknown
|
||
|
https://dev.virtualearth.net/mapcontrol/logging.ashx
|
unknown
|
||
|
https://support.hotspotshield.com/
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
|
unknown
|
||
|
https://www.disneyplus.com/legal/privacy-policy
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/
|
unknown
|
||
|
https://dynamic.t
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/Transit
|
unknown
|
||
|
https://disneyplus.com/legal.
|
unknown
|
||
|
https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
|
unknown
|
||
|
https://activity.windows.com
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Locations
|
unknown
|
||
|
http://help.disneyplus.com.
|
unknown
|
||
|
https://%s.dnet.xboxlive.com
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
|
unknown
|
||
|
https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v=
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2
|
unknown
|
There are 43 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
23.239.0.12
|
unknown
|
United States
|
|
|
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
|
cval
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
|
cval
|
|
|
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\System32\ci.dll,-100
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\System32\ci.dll,-101
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\system32\dnsapi.dll,-103
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-843
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-844
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\system32\NgcRecovery.dll,-100
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage
|
MonthID
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\ci.dll,-100
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\ci.dll,-101
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\system32\dnsapi.dll,-103
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-843
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-844
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\system32\NgcRecovery.dll,-100
|
||
|
\REGISTRY\A\{5e5f5260-ba2f-4d33-38aa-dbdee9fbd54f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{5e5f5260-ba2f-4d33-38aa-dbdee9fbd54f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{5e5f5260-ba2f-4d33-38aa-dbdee9fbd54f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{5e5f5260-ba2f-4d33-38aa-dbdee9fbd54f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{5e5f5260-ba2f-4d33-38aa-dbdee9fbd54f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{5e5f5260-ba2f-4d33-38aa-dbdee9fbd54f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{5e5f5260-ba2f-4d33-38aa-dbdee9fbd54f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{5e5f5260-ba2f-4d33-38aa-dbdee9fbd54f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{5e5f5260-ba2f-4d33-38aa-dbdee9fbd54f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{5e5f5260-ba2f-4d33-38aa-dbdee9fbd54f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{5e5f5260-ba2f-4d33-38aa-dbdee9fbd54f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{5e5f5260-ba2f-4d33-38aa-dbdee9fbd54f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{5e5f5260-ba2f-4d33-38aa-dbdee9fbd54f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{5e5f5260-ba2f-4d33-38aa-dbdee9fbd54f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{5e5f5260-ba2f-4d33-38aa-dbdee9fbd54f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{5e5f5260-ba2f-4d33-38aa-dbdee9fbd54f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsPeFile
|
||
|
\REGISTRY\A\{5e5f5260-ba2f-4d33-38aa-dbdee9fbd54f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018800453F4626F
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\WaaS\WaaSMedic\TaskStore
|
Schedule Scan
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\WaaS\WaaSMedic\State
|
BlockUntilTimeStatus
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\WaaS\WaaSMedic\Configuration
|
refreshAfter
|
There are 35 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1340000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
17240D10000
|
direct allocation
|
page execute and read and write
|
|
|
|
1225F3B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
F70000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
18002D000
|
direct allocation
|
page readonly
|
||
|
1CA4E959000
|
heap
|
page read and write
|
||
|
3A5967E000
|
stack
|
page read and write
|
||
|
E7655FE000
|
stack
|
page read and write
|
||
|
F981F7000
|
stack
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
2B14DC02000
|
heap
|
page read and write
|
||
|
2059BE50000
|
heap
|
page read and write
|
||
|
1D405C91000
|
heap
|
page read and write
|
||
|
32B0FE000
|
stack
|
page read and write
|
||
|
2511D2C4000
|
heap
|
page read and write
|
||
|
2547FB30000
|
heap
|
page read and write
|
||
|
E6A07C000
|
stack
|
page read and write
|
||
|
2C387A7D000
|
heap
|
page read and write
|
||
|
1CA53800000
|
heap
|
page read and write
|
||
|
2059CCA0000
|
trusted library allocation
|
page read and write
|
||
|
17240AC0000
|
heap
|
page read and write
|
||
|
E764B4B000
|
stack
|
page read and write
|
||
|
21B3A980000
|
heap
|
page read and write
|
||
|
324E000
|
stack
|
page read and write
|
||
|
1CA4E918000
|
heap
|
page read and write
|
||
|
2ECE000
|
stack
|
page read and write
|
||
|
11DC000
|
heap
|
page read and write
|
||
|
1CA538FB000
|
heap
|
page read and write
|
||
|
2B14D789000
|
heap
|
page read and write
|
||
|
25E11013000
|
heap
|
page read and write
|
||
|
1CA4E7E0000
|
trusted library allocation
|
page read and write
|
||
|
1CA4DD60000
|
trusted library allocation
|
page read and write
|
||
|
2547FB49000
|
heap
|
page read and write
|
||
|
1182000
|
heap
|
page read and write
|
||
|
2C387A4F000
|
heap
|
page read and write
|
||
|
3A596FC000
|
stack
|
page read and write
|
||
|
2783B913000
|
heap
|
page read and write
|
||
|
9DA3DBE000
|
stack
|
page read and write
|
||
|
25E1104A000
|
heap
|
page read and write
|
||
|
2783B8C7000
|
heap
|
page read and write
|
||
|
17240E15000
|
heap
|
page read and write
|
||
|
2C387A3A000
|
heap
|
page read and write
|
||
|
2B14D784000
|
heap
|
page read and write
|
||
|
25402FA0000
|
heap
|
page read and write
|
||
|
1225F300000
|
heap
|
page read and write
|
||
|
1D405C51000
|
heap
|
page read and write
|
||
|
2B14D78A000
|
heap
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
2B14D772000
|
heap
|
page read and write
|
||
|
2B14CCB2000
|
heap
|
page read and write
|
||
|
2C387A13000
|
heap
|
page read and write
|
||
|
1465000
|
heap
|
page read and write
|
||
|
11D8000
|
heap
|
page read and write
|
||
|
11CF000
|
heap
|
page read and write
|
||
|
2B14D784000
|
heap
|
page read and write
|
||
|
195B387E000
|
heap
|
page read and write
|
||
|
1BD90900000
|
heap
|
page read and write
|
||
|
2783C002000
|
heap
|
page read and write
|
||
|
11CF000
|
heap
|
page read and write
|
||
|
2B14D793000
|
heap
|
page read and write
|
||
|
2B14CD13000
|
heap
|
page read and write
|
||
|
1225F400000
|
heap
|
page read and write
|
||
|
25E11000000
|
heap
|
page read and write
|
||
|
15DB387C000
|
heap
|
page read and write
|
||
|
2B14D784000
|
heap
|
page read and write
|
||
|
BBE2F7D000
|
stack
|
page read and write
|
||
|
1D405D00000
|
heap
|
page read and write
|
||
|
32B1FE000
|
stack
|
page read and write
|
||
|
E6A3FF000
|
stack
|
page read and write
|
||
|
2C387A41000
|
heap
|
page read and write
|
||
|
2B14CD02000
|
heap
|
page read and write
|
||
|
D6DD1FF000
|
stack
|
page read and write
|
||
|
9DA3CBB000
|
stack
|
page read and write
|
||
|
195B3640000
|
heap
|
page read and write
|
||
|
2B14DC02000
|
heap
|
page read and write
|
||
|
195B35E0000
|
heap
|
page read and write
|
||
|
2547FB46000
|
heap
|
page read and write
|
||
|
2547FB38000
|
heap
|
page read and write
|
||
|
7FFFE2E96000
|
unkown
|
page read and write
|
||
|
1225F370000
|
direct allocation
|
page execute and read and write
|
||
|
D24BC7F000
|
stack
|
page read and write
|
||
|
2059C9C0000
|
trusted library allocation
|
page read and write
|
||
|
2B14D770000
|
heap
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
15DB385E000
|
heap
|
page read and write
|
||
|
1CA53902000
|
heap
|
page read and write
|
||
|
21B3AA53000
|
heap
|
page read and write
|
||
|
1225F1E0000
|
heap
|
page read and write
|
||
|
E76537E000
|
stack
|
page read and write
|
||
|
2B14CCB6000
|
heap
|
page read and write
|
||
|
2C387A55000
|
heap
|
page read and write
|
||
|
2059BC00000
|
trusted library allocation
|
page read and write
|
||
|
21B3AA13000
|
heap
|
page read and write
|
||
|
17240D40000
|
heap
|
page readonly
|
||
|
2B14CCA3000
|
heap
|
page read and write
|
||
|
2059BD50000
|
heap
|
page read and write
|
||
|
2C387A68000
|
heap
|
page read and write
|
||
|
1CA534F4000
|
trusted library allocation
|
page read and write
|
||
|
F50000
|
direct allocation
|
page execute and read and write
|
||
|
2B14D700000
|
heap
|
page read and write
|
||
|
232EF840000
|
heap
|
page read and write
|
||
|
15DB3913000
|
heap
|
page read and write
|
||
|
32B07F000
|
stack
|
page read and write
|
||
|
2783BFC0000
|
trusted library allocation
|
page read and write
|
||
|
86065FF000
|
stack
|
page read and write
|
||
|
2B14D602000
|
heap
|
page read and write
|
||
|
2B14D784000
|
heap
|
page read and write
|
||
|
2B14CCA4000
|
heap
|
page read and write
|
||
|
E6A17E000
|
stack
|
page read and write
|
||
|
1CA4DE55000
|
heap
|
page read and write
|
||
|
1CA4DD30000
|
heap
|
page read and write
|
||
|
1005FE000
|
stack
|
page read and write
|
||
|
2C3878F0000
|
heap
|
page read and write
|
||
|
1400000
|
remote allocation
|
page read and write
|
||
|
25E11108000
|
heap
|
page read and write
|
||
|
2B14CC9A000
|
heap
|
page read and write
|
||
|
232EF780000
|
remote allocation
|
page read and write
|
||
|
106F000
|
heap
|
page read and write
|
||
|
195B3859000
|
heap
|
page read and write
|
||
|
1CA4E918000
|
heap
|
page read and write
|
||
|
1BD90868000
|
heap
|
page read and write
|
||
|
E6A37B000
|
stack
|
page read and write
|
||
|
2511D2B1000
|
heap
|
page read and write
|
||
|
2511D2CF000
|
heap
|
page read and write
|
||
|
2059BD9F000
|
heap
|
page read and write
|
||
|
1BD90913000
|
heap
|
page read and write
|
||
|
1D405C3C000
|
heap
|
page read and write
|
||
|
2059C9D0000
|
trusted library allocation
|
page read and write
|
||
|
1D405C4C000
|
heap
|
page read and write
|
||
|
2C387A47000
|
heap
|
page read and write
|
||
|
2511D2E4000
|
heap
|
page read and write
|
||
|
7FFFE2E40000
|
unkown
|
page readonly
|
||
|
2B14DC02000
|
heap
|
page read and write
|
||
|
120F000
|
heap
|
page read and write
|
||
|
2B14D791000
|
heap
|
page read and write
|
||
|
1D405D08000
|
heap
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
2B14D716000
|
heap
|
page read and write
|
||
|
25E11080000
|
heap
|
page read and write
|
||
|
2783B6B0000
|
heap
|
page read and write
|
||
|
1CA4DE13000
|
heap
|
page read and write
|
||
|
FDD12FE000
|
stack
|
page read and write
|
||
|
2C387A63000
|
heap
|
page read and write
|
||
|
15DB3600000
|
heap
|
page read and write
|
||
|
15DB3800000
|
heap
|
page read and write
|
||
|
7FFFE2E40000
|
unkown
|
page readonly
|
||
|
1225F200000
|
heap
|
page read and write
|
||
|
B1CEF7B000
|
stack
|
page read and write
|
||
|
1CA53840000
|
heap
|
page read and write
|
||
|
7FFFE2E92000
|
unkown
|
page readonly
|
||
|
1CA4DE00000
|
heap
|
page read and write
|
||
|
86061DE000
|
stack
|
page read and write
|
||
|
195B3849000
|
heap
|
page read and write
|
||
|
17240B21000
|
heap
|
page read and write
|
||
|
7FFFE2E92000
|
unkown
|
page readonly
|
||
|
1CA534D8000
|
trusted library allocation
|
page read and write
|
||
|
15DB3670000
|
heap
|
page read and write
|
||
|
7FFFE2E96000
|
unkown
|
page read and write
|
||
|
2B14D784000
|
heap
|
page read and write
|
||
|
32CD000
|
stack
|
page read and write
|
||
|
1D405AC0000
|
heap
|
page read and write
|
||
|
BBE337F000
|
stack
|
page read and write
|
||
|
2B14D74E000
|
heap
|
page read and write
|
||
|
2511D2C5000
|
heap
|
page read and write
|
||
|
2B14D784000
|
heap
|
page read and write
|
||
|
FDD127E000
|
stack
|
page read and write
|
||
|
2B14D784000
|
heap
|
page read and write
|
||
|
1310000
|
heap
|
page read and write
|
||
|
7FFFE2E41000
|
unkown
|
page execute read
|
||
|
9FAC6FB000
|
stack
|
page read and write
|
||
|
2C387A52000
|
heap
|
page read and write
|
||
|
1D405C81000
|
heap
|
page read and write
|
||
|
1CA4E904000
|
heap
|
page read and write
|
||
|
B2705EE000
|
stack
|
page read and write
|
||
|
2783C132000
|
heap
|
page read and write
|
||
|
2C387A3E000
|
heap
|
page read and write
|
||
|
1CA5382E000
|
heap
|
page read and write
|
||
|
21B3AA5B000
|
heap
|
page read and write
|
||
|
1CA535E0000
|
trusted library allocation
|
page read and write
|
||
|
BB5000
|
stack
|
page read and write
|
||
|
195B3849000
|
heap
|
page read and write
|
||
|
D6DD17F000
|
stack
|
page read and write
|
||
|
1D406402000
|
trusted library allocation
|
page read and write
|
||
|
2B14D772000
|
heap
|
page read and write
|
||
|
25E1104E000
|
heap
|
page read and write
|
||
|
7FFFE2E92000
|
unkown
|
page readonly
|
||
|
2B14D779000
|
heap
|
page read and write
|
||
|
1CA4DCC0000
|
heap
|
page read and write
|
||
|
120D000
|
heap
|
page read and write
|
||
|
BBE2C7C000
|
stack
|
page read and write
|
||
|
7FFFE2E99000
|
unkown
|
page readonly
|
||
|
1CA53852000
|
heap
|
page read and write
|
||
|
2547FB58000
|
heap
|
page read and write
|
||
|
B27056B000
|
stack
|
page read and write
|
||
|
254030B0000
|
trusted library allocation
|
page read and write
|
||
|
2059BBF0000
|
heap
|
page read and write
|
||
|
296E000
|
stack
|
page read and write
|
||
|
1CA4E959000
|
heap
|
page read and write
|
||
|
1CA4DE92000
|
heap
|
page read and write
|
||
|
25E1104C000
|
heap
|
page read and write
|
||
|
2B14D784000
|
heap
|
page read and write
|
||
|
1CA534F0000
|
trusted library allocation
|
page read and write
|
||
|
15DB3852000
|
heap
|
page read and write
|
||
|
25E10EF0000
|
heap
|
page read and write
|
||
|
1006FE000
|
stack
|
page read and write
|
||
|
195B3918000
|
heap
|
page read and write
|
||
|
1194000
|
heap
|
page read and write
|
||
|
2B14DC02000
|
heap
|
page read and write
|
||
|
2C387A30000
|
heap
|
page read and write
|
||
|
15DB388A000
|
heap
|
page read and write
|
||
|
1CA534D0000
|
trusted library allocation
|
page read and write
|
||
|
1CA535A0000
|
trusted library allocation
|
page read and write
|
||
|
1400000
|
remote allocation
|
page read and write
|
||
|
17240AF8000
|
heap
|
page read and write
|
||
|
2A00000
|
heap
|
page read and write
|
||
|
2B14CC4E000
|
heap
|
page read and write
|
||
|
1D405C5E000
|
heap
|
page read and write
|
||
|
2B14CC92000
|
heap
|
page read and write
|
||
|
1CA4DDF3000
|
trusted library allocation
|
page read and write
|
||
|
1009FD000
|
stack
|
page read and write
|
||
|
2B14D785000
|
heap
|
page read and write
|
||
|
17240B31000
|
heap
|
page read and write
|
||
|
2B14DC02000
|
heap
|
page read and write
|
||
|
1CA4E902000
|
heap
|
page read and write
|
||
|
2059CA30000
|
trusted library allocation
|
page read and write
|
||
|
25E11052000
|
heap
|
page read and write
|
||
|
E7657FF000
|
stack
|
page read and write
|
||
|
E6A27C000
|
stack
|
page read and write
|
||
|
3A5997E000
|
stack
|
page read and write
|
||
|
2C387980000
|
trusted library allocation
|
page read and write
|
||
|
1CA4E815000
|
heap
|
page read and write
|
||
|
1CA538FF000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
2783B813000
|
heap
|
page read and write
|
||
|
2511D2E5000
|
heap
|
page read and write
|
||
|
2B14D78A000
|
heap
|
page read and write
|
||
|
195B3902000
|
heap
|
page read and write
|
||
|
2B14CCD7000
|
heap
|
page read and write
|
||
|
1BD90802000
|
heap
|
page read and write
|
||
|
2C387B02000
|
heap
|
page read and write
|
||
|
2B14CB80000
|
heap
|
page read and write
|
||
|
1CA4DE8C000
|
heap
|
page read and write
|
||
|
17240DB4000
|
heap
|
page read and write
|
||
|
21B3AA75000
|
heap
|
page read and write
|
||
|
2B14D79B000
|
heap
|
page read and write
|
||
|
1D405C5B000
|
heap
|
page read and write
|
||
|
2B14D783000
|
heap
|
page read and write
|
||
|
2B14CC71000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
2511D2BF000
|
heap
|
page read and write
|
||
|
2B14D784000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
2B14CC55000
|
heap
|
page read and write
|
||
|
3A597FE000
|
stack
|
page read and write
|
||
|
B270F7F000
|
unkown
|
page read and write
|
||
|
10C0000
|
remote allocation
|
page read and write
|
||
|
1CA53500000
|
trusted library allocation
|
page read and write
|
||
|
2B14CC3C000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
2B14D78A000
|
heap
|
page read and write
|
||
|
2B14D71E000
|
heap
|
page read and write
|
||
|
2059BEB5000
|
heap
|
page read and write
|
||
|
2059BD58000
|
heap
|
page read and write
|
||
|
2B14D7D4000
|
heap
|
page read and write
|
||
|
9FAC9FE000
|
stack
|
page read and write
|
||
|
2783B843000
|
heap
|
page read and write
|
||
|
2511D2CF000
|
heap
|
page read and write
|
||
|
B1CF77D000
|
stack
|
page read and write
|
||
|
1D405C00000
|
heap
|
page read and write
|
||
|
2B14D718000
|
heap
|
page read and write
|
||
|
7FFFE2E41000
|
unkown
|
page execute read
|
||
|
1CA53902000
|
heap
|
page read and write
|
||
|
2C387A43000
|
heap
|
page read and write
|
||
|
2783C100000
|
heap
|
page read and write
|
||
|
2783B829000
|
heap
|
page read and write
|
||
|
2E00000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
25E11050000
|
heap
|
page read and write
|
||
|
29C4000
|
heap
|
page read and write
|
||
|
2B14D550000
|
remote allocation
|
page read and write
|
||
|
17240B2F000
|
heap
|
page read and write
|
||
|
1CA533B0000
|
trusted library allocation
|
page read and write
|
||
|
E6A0FD000
|
stack
|
page read and write
|
||
|
2B14DC02000
|
heap
|
page read and write
|
||
|
2547FE6B000
|
heap
|
page read and write
|
||
|
2B14D7B1000
|
heap
|
page read and write
|
||
|
2783B6C0000
|
heap
|
page read and write
|
||
|
1BD90855000
|
heap
|
page read and write
|
||
|
2419C580000
|
heap
|
page read and write
|
||
|
195B3848000
|
heap
|
page read and write
|
||
|
1CA535F0000
|
trusted library allocation
|
page read and write
|
||
|
1182000
|
heap
|
page read and write
|
||
|
2C387950000
|
heap
|
page read and write
|
||
|
21B3B402000
|
trusted library allocation
|
page read and write
|
||
|
2B14D7B1000
|
heap
|
page read and write
|
||
|
2B14D78C000
|
heap
|
page read and write
|
||
|
1225F208000
|
heap
|
page read and write
|
||
|
2B14D784000
|
heap
|
page read and write
|
||
|
2B14CCEC000
|
heap
|
page read and write
|
||
|
2B14D784000
|
heap
|
page read and write
|
||
|
2B14CD16000
|
heap
|
page read and write
|
||
|
28EE000
|
stack
|
page read and write
|
||
|
1CA535A0000
|
trusted library allocation
|
page read and write
|
||
|
1CA53514000
|
trusted library allocation
|
page read and write
|
||
|
F65000
|
heap
|
page read and write
|
||
|
2059BDB5000
|
heap
|
page read and write
|
||
|
1D405C13000
|
heap
|
page read and write
|
||
|
1CA4E800000
|
heap
|
page read and write
|
||
|
2B14CCCB000
|
heap
|
page read and write
|
||
|
15DB3900000
|
heap
|
page read and write
|
||
|
2511D2B6000
|
heap
|
page read and write
|
||
|
1CA53630000
|
remote allocation
|
page read and write
|
||
|
1D405C5E000
|
heap
|
page read and write
|
||
|
2B14CCC6000
|
heap
|
page read and write
|
||
|
2547FD00000
|
heap
|
page read and write
|
||
|
2C388402000
|
trusted library allocation
|
page read and write
|
||
|
2C387A6F000
|
heap
|
page read and write
|
||
|
100AFE000
|
stack
|
page read and write
|
||
|
1CA4E900000
|
heap
|
page read and write
|
||
|
11B3000
|
heap
|
page read and write
|
||
|
1CA4DE3D000
|
heap
|
page read and write
|
||
|
2511D2C6000
|
heap
|
page read and write
|
||
|
1CA534DE000
|
trusted library allocation
|
page read and write
|
||
|
232EF750000
|
trusted library allocation
|
page read and write
|
||
|
1D405D13000
|
heap
|
page read and write
|
||
|
232EF813000
|
heap
|
page read and write
|
||
|
61F11FE000
|
stack
|
page read and write
|
||
|
1CA538EB000
|
heap
|
page read and write
|
||
|
2B14D785000
|
heap
|
page read and write
|
||
|
1CA53710000
|
trusted library allocation
|
page read and write
|
||
|
2B14D784000
|
heap
|
page read and write
|
||
|
1CA53730000
|
trusted library allocation
|
page read and write
|
||
|
1225F3A4000
|
heap
|
page read and write
|
||
|
1225F3A0000
|
heap
|
page read and write
|
||
|
FDD157B000
|
stack
|
page read and write
|
||
|
1CA53500000
|
trusted library allocation
|
page read and write
|
||
|
17240CE0000
|
heap
|
page read and write
|
||
|
1CA538F6000
|
heap
|
page read and write
|
||
|
FDB000
|
heap
|
page read and write
|
||
|
2B14D785000
|
heap
|
page read and write
|
||
|
2B14D78A000
|
heap
|
page read and write
|
||
|
2B14D74E000
|
heap
|
page read and write
|
||
|
1CA53900000
|
heap
|
page read and write
|
||
|
2B14D772000
|
heap
|
page read and write
|
||
|
2547FB75000
|
heap
|
page read and write
|
||
|
2B14D772000
|
heap
|
page read and write
|
||
|
2C387A29000
|
heap
|
page read and write
|
||
|
2783B88A000
|
heap
|
page read and write
|
||
|
2059BEB0000
|
heap
|
page read and write
|
||
|
32B17E000
|
stack
|
page read and write
|
||
|
21B3A990000
|
heap
|
page read and write
|
||
|
1D405C29000
|
heap
|
page read and write
|
||
|
2B14D785000
|
heap
|
page read and write
|
||
|
B270BF9000
|
stack
|
page read and write
|
||
|
1D405AB0000
|
heap
|
page read and write
|
||
|
195B3800000
|
heap
|
page read and write
|
||
|
2547FB61000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
2059BD9F000
|
heap
|
page read and write
|
||
|
2C387A4C000
|
heap
|
page read and write
|
||
|
2511D120000
|
heap
|
page read and write
|
||
|
2B14D7BC000
|
heap
|
page read and write
|
||
|
2C3878E0000
|
heap
|
page read and write
|
||
|
2B14D7AC000
|
heap
|
page read and write
|
||
|
34CF000
|
stack
|
page read and write
|
||
|
2547FB52000
|
heap
|
page read and write
|
||
|
2B14D791000
|
heap
|
page read and write
|
||
|
2DCC000
|
stack
|
page read and write
|
||
|
1CA534D0000
|
trusted library allocation
|
page read and write
|
||
|
2B14DC02000
|
heap
|
page read and write
|
||
|
1CA53630000
|
remote allocation
|
page read and write
|
||
|
232EF800000
|
heap
|
page read and write
|
||
|
17240E10000
|
heap
|
page read and write
|
||
|
2059CC90000
|
heap
|
page readonly
|
||
|
195B37D0000
|
remote allocation
|
page read and write
|
||
|
2C387A56000
|
heap
|
page read and write
|
||
|
1D405C6F000
|
heap
|
page read and write
|
||
|
FDD177F000
|
stack
|
page read and write
|
||
|
1D405C5E000
|
heap
|
page read and write
|
||
|
1CA538F8000
|
heap
|
page read and write
|
||
|
1CA53630000
|
remote allocation
|
page read and write
|
||
|
9FAC7FE000
|
stack
|
page read and write
|
||
|
1CA4DF02000
|
heap
|
page read and write
|
||
|
7FFFE2E40000
|
unkown
|
page readonly
|
||
|
1CA4DE74000
|
heap
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
2419C7D0000
|
heap
|
page read and write
|
||
|
2B14D772000
|
heap
|
page read and write
|
||
|
10C0000
|
remote allocation
|
page read and write
|
||
|
2547FB49000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
BBE2D7D000
|
stack
|
page read and write
|
||
|
2B14D784000
|
heap
|
page read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
17240AF0000
|
heap
|
page read and write
|
||
|
1148000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
2511D2CF000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
232EF5E0000
|
heap
|
page read and write
|
||
|
2419C600000
|
heap
|
page read and write
|
||
|
1CA4E802000
|
heap
|
page read and write
|
||
|
1D405C4A000
|
heap
|
page read and write
|
||
|
2B14D78A000
|
heap
|
page read and write
|
||
|
1CA538D9000
|
heap
|
page read and write
|
||
|
195B5202000
|
heap
|
page read and write
|
||
|
1370000
|
heap
|
page readonly
|
||
|
1CA4DEFB000
|
heap
|
page read and write
|
||
|
2B14D789000
|
heap
|
page read and write
|
||
|
1CA53903000
|
heap
|
page read and write
|
||
|
1CA4EEF0000
|
trusted library allocation
|
page read and write
|
||
|
2547FE65000
|
heap
|
page read and write
|
||
|
25E1104F000
|
heap
|
page read and write
|
||
|
2511D2C2000
|
heap
|
page read and write
|
||
|
120D000
|
heap
|
page read and write
|
||
|
2B14CC29000
|
heap
|
page read and write
|
||
|
F982FF000
|
stack
|
page read and write
|
||
|
86064F9000
|
stack
|
page read and write
|
||
|
25E10F50000
|
heap
|
page read and write
|
||
|
15DB383C000
|
heap
|
page read and write
|
||
|
25E11113000
|
heap
|
page read and write
|
||
|
195B3900000
|
heap
|
page read and write
|
||
|
21B3AA29000
|
heap
|
page read and write
|
||
|
B270AFE000
|
stack
|
page read and write
|
||
|
2B14D793000
|
heap
|
page read and write
|
||
|
BBE317E000
|
stack
|
page read and write
|
||
|
1D405B20000
|
heap
|
page read and write
|
||
|
2E04000
|
heap
|
page read and write
|
||
|
2783B720000
|
heap
|
page read and write
|
||
|
2511D2E1000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
2511D2E7000
|
heap
|
page read and write
|
||
|
2C387A7C000
|
heap
|
page read and write
|
||
|
7FFFE2E99000
|
unkown
|
page readonly
|
||
|
11DC000
|
heap
|
page read and write
|
||
|
2B14D7CB000
|
heap
|
page read and write
|
||
|
1BD90640000
|
heap
|
page read and write
|
||
|
B1CE9AB000
|
stack
|
page read and write
|
||
|
BBE307E000
|
stack
|
page read and write
|
||
|
1094000
|
stack
|
page read and write
|
||
|
2B14D78A000
|
heap
|
page read and write
|
||
|
B1CF37B000
|
stack
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
61F10FF000
|
stack
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
1CA5385F000
|
heap
|
page read and write
|
||
|
2C387A50000
|
heap
|
page read and write
|
||
|
1CA538DB000
|
heap
|
page read and write
|
||
|
1BD90864000
|
heap
|
page read and write
|
||
|
7FFFE2E41000
|
unkown
|
page execute read
|
||
|
2C387A4A000
|
heap
|
page read and write
|
||
|
2783B8BD000
|
heap
|
page read and write
|
||
|
1CA4DF07000
|
heap
|
page read and write
|
||
|
2B14D774000
|
heap
|
page read and write
|
||
|
15DB3813000
|
heap
|
page read and write
|
||
|
1CA53815000
|
heap
|
page read and write
|
||
|
2547FB5C000
|
heap
|
page read and write
|
||
|
D24B7DE000
|
stack
|
page read and write
|
||
|
232EF902000
|
heap
|
page read and write
|
||
|
2B14D7A4000
|
heap
|
page read and write
|
||
|
232EF780000
|
remote allocation
|
page read and write
|
||
|
2B14D79B000
|
heap
|
page read and write
|
||
|
21B3AA6A000
|
heap
|
page read and write
|
||
|
2B14D772000
|
heap
|
page read and write
|
||
|
1CA4DE29000
|
heap
|
page read and write
|
||
|
1CA4E913000
|
heap
|
page read and write
|
||
|
1CA53510000
|
trusted library allocation
|
page read and write
|
||
|
2B14D78A000
|
heap
|
page read and write
|
||
|
9DA3D3D000
|
stack
|
page read and write
|
||
|
2B14CCF8000
|
heap
|
page read and write
|
||
|
17240DB0000
|
heap
|
page read and write
|
||
|
232EF824000
|
heap
|
page read and write
|
||
|
17240D80000
|
heap
|
page read and write
|
||
|
15DB3610000
|
heap
|
page read and write
|
||
|
2B14D770000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
E6A5FF000
|
stack
|
page read and write
|
||
|
B270EF7000
|
stack
|
page read and write
|
||
|
B1CF17F000
|
stack
|
page read and write
|
||
|
2547FE60000
|
heap
|
page read and write
|
||
|
21B3AB02000
|
heap
|
page read and write
|
||
|
120F000
|
heap
|
page read and write
|
||
|
25E11A02000
|
trusted library allocation
|
page read and write
|
||
|
195B37D0000
|
remote allocation
|
page read and write
|
||
|
B270A7B000
|
stack
|
page read and write
|
||
|
32B27B000
|
stack
|
page read and write
|
||
|
2B14CCAB000
|
heap
|
page read and write
|
||
|
3A598FD000
|
stack
|
page read and write
|
||
|
1CA53822000
|
heap
|
page read and write
|
||
|
195B35D0000
|
heap
|
page read and write
|
||
|
860615B000
|
stack
|
page read and write
|
||
|
1390000
|
trusted library allocation
|
page read and write
|
||
|
B1CF07B000
|
stack
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
25E1108B000
|
heap
|
page read and write
|
||
|
D24BB7E000
|
stack
|
page read and write
|
||
|
2B14D78A000
|
heap
|
page read and write
|
||
|
1185000
|
heap
|
page read and write
|
||
|
2C387A5B000
|
heap
|
page read and write
|
||
|
61F107F000
|
stack
|
page read and write
|
||
|
2511D2A0000
|
heap
|
page read and write
|
||
|
D6DD07A000
|
stack
|
page read and write
|
||
|
195B3913000
|
heap
|
page read and write
|
||
|
25402FA3000
|
heap
|
page read and write
|
||
|
9FAC8FB000
|
stack
|
page read and write
|
||
|
1CA4DE89000
|
heap
|
page read and write
|
||
|
17240A30000
|
heap
|
page read and write
|
||
|
1CA534F1000
|
trusted library allocation
|
page read and write
|
||
|
D24BE7E000
|
stack
|
page read and write
|
||
|
232EF780000
|
remote allocation
|
page read and write
|
||
|
1BD90902000
|
heap
|
page read and write
|
||
|
2C387A6B000
|
heap
|
page read and write
|
||
|
2511D2C0000
|
heap
|
page read and write
|
||
|
15DB388E000
|
heap
|
page read and write
|
||
|
2B14D784000
|
heap
|
page read and write
|
||
|
17240D00000
|
direct allocation
|
page execute and read and write
|
||
|
100BFC000
|
stack
|
page read and write
|
||
|
2B14D753000
|
heap
|
page read and write
|
||
|
B270DFF000
|
stack
|
page read and write
|
||
|
15DB3864000
|
heap
|
page read and write
|
||
|
1225F350000
|
heap
|
page read and write
|
||
|
1390000
|
trusted library allocation
|
page read and write
|
||
|
2B14D789000
|
heap
|
page read and write
|
||
|
32AD9F000
|
stack
|
page read and write
|
||
|
2B14D784000
|
heap
|
page read and write
|
||
|
2783B8CE000
|
heap
|
page read and write
|
||
|
1CA53847000
|
heap
|
page read and write
|
||
|
7FFFE2E96000
|
unkown
|
page read and write
|
||
|
25E11029000
|
heap
|
page read and write
|
||
|
2C387A48000
|
heap
|
page read and write
|
||
|
2B14D784000
|
heap
|
page read and write
|
||
|
2C387A39000
|
heap
|
page read and write
|
||
|
1CA53610000
|
trusted library allocation
|
page read and write
|
||
|
120D000
|
heap
|
page read and write
|
||
|
2B14D79B000
|
heap
|
page read and write
|
||
|
D6DD278000
|
stack
|
page read and write
|
||
|
F983FC000
|
stack
|
page read and write
|
||
|
D24B6DB000
|
stack
|
page read and write
|
||
|
2547FB76000
|
heap
|
page read and write
|
||
|
15DB3770000
|
trusted library allocation
|
page read and write
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
2B14D78B000
|
heap
|
page read and write
|
||
|
B27087E000
|
stack
|
page read and write
|
||
|
2059CA40000
|
trusted library allocation
|
page read and write
|
||
|
2B14CCEC000
|
heap
|
page read and write
|
||
|
7FFFE2E99000
|
unkown
|
page readonly
|
||
|
2547FB5C000
|
heap
|
page read and write
|
||
|
1BD90879000
|
heap
|
page read and write
|
||
|
2B14D784000
|
heap
|
page read and write
|
||
|
1225F260000
|
heap
|
page read and write
|
||
|
232EF650000
|
heap
|
page read and write
|
||
|
FDD0FEB000
|
stack
|
page read and write
|
||
|
2B14D7DC000
|
heap
|
page read and write
|
||
|
2C387A80000
|
heap
|
page read and write
|
||
|
25401880000
|
heap
|
page read and write
|
||
|
2B14D781000
|
heap
|
page read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
2059CCB0000
|
trusted library allocation
|
page read and write
|
||
|
8606579000
|
stack
|
page read and write
|
||
|
2C387A66000
|
heap
|
page read and write
|
||
|
2059BD98000
|
heap
|
page read and write
|
||
|
2B14D784000
|
heap
|
page read and write
|
||
|
D6DD0FF000
|
stack
|
page read and write
|
||
|
1BD90740000
|
trusted library allocation
|
page read and write
|
||
|
1CA4DDF0000
|
trusted library allocation
|
page read and write
|
||
|
2511D135000
|
heap
|
page read and write
|
||
|
2B14D550000
|
remote allocation
|
page read and write
|
||
|
1BD90800000
|
heap
|
page read and write
|
||
|
B1CFA7E000
|
stack
|
page read and write
|
||
|
2B14D550000
|
remote allocation
|
page read and write
|
||
|
2B14D783000
|
heap
|
page read and write
|
||
|
17240B1B000
|
heap
|
page read and write
|
||
|
25E11071000
|
heap
|
page read and write
|
||
|
2B14D784000
|
heap
|
page read and write
|
||
|
1CA5384C000
|
heap
|
page read and write
|
||
|
2B14D772000
|
heap
|
page read and write
|
||
|
21B3B290000
|
trusted library allocation
|
page read and write
|
||
|
2B14D74A000
|
heap
|
page read and write
|
||
|
1CA53620000
|
trusted library allocation
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
2B14CB90000
|
heap
|
page read and write
|
||
|
2B14D784000
|
heap
|
page read and write
|
||
|
33CF000
|
stack
|
page read and write
|
||
|
2419C613000
|
heap
|
page read and write
|
||
|
996D3CD000
|
stack
|
page read and write
|
||
|
32AD16000
|
stack
|
page read and write
|
||
|
195B3842000
|
heap
|
page read and write
|
||
|
1008FC000
|
stack
|
page read and write
|
||
|
7FFFE2E41000
|
unkown
|
page execute read
|
||
|
25E10F80000
|
trusted library allocation
|
page read and write
|
||
|
860647D000
|
stack
|
page read and write
|
||
|
2B14CCB2000
|
heap
|
page read and write
|
||
|
195B3858000
|
heap
|
page read and write
|
||
|
1225F0A0000
|
heap
|
page read and write
|
||
|
2D8E000
|
stack
|
page read and write
|
||
|
2F4B000
|
stack
|
page read and write
|
||
|
2C387A00000
|
heap
|
page read and write
|
||
|
2511D2E1000
|
heap
|
page read and write
|
||
|
1023000
|
heap
|
page read and write
|
||
|
2C387A86000
|
heap
|
page read and write
|
||
|
2511D130000
|
heap
|
page read and write
|
||
|
3A59A7D000
|
stack
|
page read and write
|
||
|
1400000
|
remote allocation
|
page read and write
|
||
|
232EF802000
|
heap
|
page read and write
|
||
|
2059BD9F000
|
heap
|
page read and write
|
||
|
2547FB00000
|
heap
|
page read and write
|
||
|
2511D270000
|
heap
|
page read and write
|
||
|
120F000
|
heap
|
page read and write
|
||
|
F97EFE000
|
stack
|
page read and write
|
||
|
195B3824000
|
heap
|
page read and write
|
||
|
1CA53902000
|
heap
|
page read and write
|
||
|
1CA53902000
|
heap
|
page read and write
|
||
|
3A5957E000
|
stack
|
page read and write
|
||
|
2B14D772000
|
heap
|
page read and write
|
||
|
E7654FC000
|
stack
|
page read and write
|
||
|
1CA53898000
|
heap
|
page read and write
|
||
|
2B14CC00000
|
heap
|
page read and write
|
||
|
2059BEC0000
|
trusted library allocation
|
page read and write
|
||
|
195B391C000
|
heap
|
page read and write
|
||
|
2059BDA1000
|
heap
|
page read and write
|
||
|
860667B000
|
stack
|
page read and write
|
||
|
B1CF27A000
|
stack
|
page read and write
|
||
|
25E11100000
|
heap
|
page read and write
|
||
|
E76527C000
|
stack
|
page read and write
|
||
|
D6DD37C000
|
stack
|
page read and write
|
||
|
21B3AA78000
|
heap
|
page read and write
|
||
|
1CA4DCD0000
|
heap
|
page read and write
|
||
|
1BD91002000
|
trusted library allocation
|
page read and write
|
||
|
1BD90828000
|
heap
|
page read and write
|
||
|
17240B2F000
|
heap
|
page read and write
|
||
|
1D4063C0000
|
trusted library allocation
|
page read and write
|
||
|
1225F405000
|
heap
|
page read and write
|
||
|
F980FB000
|
stack
|
page read and write
|
||
|
195B3790000
|
trusted library allocation
|
page read and write
|
||
|
2C387A63000
|
heap
|
page read and write
|
||
|
1CA538CC000
|
heap
|
page read and write
|
||
|
195B3760000
|
trusted library allocation
|
page read and write
|
||
|
1CA4DE77000
|
heap
|
page read and write
|
||
|
1CA53630000
|
trusted library allocation
|
page read and write
|
||
|
1D405C71000
|
heap
|
page read and write
|
||
|
BBE26CB000
|
stack
|
page read and write
|
||
|
1BD905E0000
|
heap
|
page read and write
|
||
|
2783B8E2000
|
heap
|
page read and write
|
||
|
254038B0000
|
heap
|
page read and write
|
||
|
10007B000
|
stack
|
page read and write
|
||
|
7FFFE2E99000
|
unkown
|
page readonly
|
||
|
25E10EE0000
|
heap
|
page read and write
|
||
|
E7651FF000
|
stack
|
page read and write
|
||
|
2B14CCE9000
|
heap
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
FDD187E000
|
stack
|
page read and write
|
||
|
FA0000
|
heap
|
page readonly
|
||
|
1CA4DF16000
|
heap
|
page read and write
|
||
|
15DB3824000
|
heap
|
page read and write
|
||
|
1CA4DEFB000
|
heap
|
page read and write
|
||
|
2B14D783000
|
heap
|
page read and write
|
||
|
2B14CC13000
|
heap
|
page read and write
|
||
|
21B3AA3D000
|
heap
|
page read and write
|
||
|
2511D250000
|
heap
|
page read and write
|
||
|
1D405D02000
|
heap
|
page read and write
|
||
|
2B14D783000
|
heap
|
page read and write
|
||
|
1D405C8D000
|
heap
|
page read and write
|
||
|
BBE327F000
|
stack
|
page read and write
|
||
|
1CA4E7D0000
|
trusted library allocation
|
page read and write
|
||
|
344B000
|
stack
|
page read and write
|
||
|
2B14D78A000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
2B14D78B000
|
heap
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
2B14D79B000
|
heap
|
page read and write
|
||
|
15DB3908000
|
heap
|
page read and write
|
||
|
B1CEDF7000
|
stack
|
page read and write
|
||
|
1CA53879000
|
heap
|
page read and write
|
||
|
2B14CBF0000
|
heap
|
page read and write
|
||
|
E7653FB000
|
stack
|
page read and write
|
||
|
15DB4002000
|
trusted library allocation
|
page read and write
|
||
|
1CA535C0000
|
trusted library allocation
|
page read and write
|
||
|
1007FE000
|
stack
|
page read and write
|
||
|
1D405C82000
|
heap
|
page read and write
|
||
|
61F0DB6000
|
stack
|
page read and write
|
||
|
BBE347E000
|
stack
|
page read and write
|
||
|
2B14CCB5000
|
heap
|
page read and write
|
||
|
21B3AA3F000
|
heap
|
page read and write
|
||
|
7FFFE2E92000
|
unkown
|
page readonly
|
||
|
17240B2F000
|
heap
|
page read and write
|
||
|
1D405C48000
|
heap
|
page read and write
|
||
|
2B14D79B000
|
heap
|
page read and write
|
||
|
2783B870000
|
heap
|
page read and write
|
||
|
25E11102000
|
heap
|
page read and write
|
||
|
9FAC1AC000
|
stack
|
page read and write
|
||
|
2059BD30000
|
heap
|
page read and write
|
||
|
E764F7C000
|
stack
|
page read and write
|
||
|
2B14D785000
|
heap
|
page read and write
|
||
|
2511D2E2000
|
heap
|
page read and write
|
||
|
F97BDC000
|
stack
|
page read and write
|
||
|
1BD90924000
|
heap
|
page read and write
|
||
|
195B3861000
|
heap
|
page read and write
|
||
|
1D405C6F000
|
heap
|
page read and write
|
||
|
1CA538F0000
|
heap
|
page read and write
|
||
|
E7650FE000
|
stack
|
page read and write
|
||
|
2B14D793000
|
heap
|
page read and write
|
||
|
2511D2E1000
|
heap
|
page read and write
|
||
|
F97E7D000
|
stack
|
page read and write
|
||
|
2B14D793000
|
heap
|
page read and write
|
||
|
2059BEB9000
|
heap
|
page read and write
|
||
|
1CA535A0000
|
trusted library allocation
|
page read and write
|
||
|
2B14D784000
|
heap
|
page read and write
|
||
|
2547FB4D000
|
heap
|
page read and write
|
||
|
2B14D784000
|
heap
|
page read and write
|
||
|
2419C60D000
|
heap
|
page read and write
|
||
|
1D405C02000
|
heap
|
page read and write
|
||
|
2B14D789000
|
heap
|
page read and write
|
||
|
2B14CD08000
|
heap
|
page read and write
|
||
|
1CA4DE6E000
|
heap
|
page read and write
|
||
|
2547FA90000
|
heap
|
page read and write
|
||
|
2B14D78A000
|
heap
|
page read and write
|
||
|
1330000
|
direct allocation
|
page execute and read and write
|
||
|
1CA53600000
|
trusted library allocation
|
page read and write
|
||
|
1D405C6F000
|
heap
|
page read and write
|
||
|
2B14DC03000
|
heap
|
page read and write
|
||
|
2059CC80000
|
trusted library allocation
|
page read and write
|
||
|
25E11081000
|
heap
|
page read and write
|
||
|
BBE2AFB000
|
stack
|
page read and write
|
||
|
12260C70000
|
heap
|
page read and write
|
||
|
1185000
|
heap
|
page read and write
|
||
|
2B14D784000
|
heap
|
page read and write
|
||
|
2B14D793000
|
heap
|
page read and write
|
||
|
195B3802000
|
heap
|
page read and write
|
||
|
F984FE000
|
stack
|
page read and write
|
||
|
31CC000
|
stack
|
page read and write
|
||
|
17240AA0000
|
heap
|
page read and write
|
||
|
2E4E000
|
stack
|
page read and write
|
||
|
1BD905D0000
|
heap
|
page read and write
|
||
|
3A591CB000
|
stack
|
page read and write
|
||
|
2B14CC4A000
|
heap
|
page read and write
|
||
|
2B14D784000
|
heap
|
page read and write
|
||
|
25E1103C000
|
heap
|
page read and write
|
||
|
2547FB52000
|
heap
|
page read and write
|
||
|
195B5302000
|
heap
|
page read and write
|
||
|
E7656FD000
|
stack
|
page read and write
|
||
|
FDD147E000
|
stack
|
page read and write
|
||
|
2B14DC00000
|
heap
|
page read and write
|
||
|
2B14D79B000
|
heap
|
page read and write
|
||
|
2C387A6D000
|
heap
|
page read and write
|
||
|
2B14DC21000
|
heap
|
page read and write
|
||
|
FDD1677000
|
stack
|
page read and write
|
||
|
195B3859000
|
heap
|
page read and write
|
||
|
2B14D764000
|
heap
|
page read and write
|
||
|
15DB3802000
|
heap
|
page read and write
|
||
|
B1CF87A000
|
stack
|
page read and write
|
||
|
2783B902000
|
heap
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
2B14D784000
|
heap
|
page read and write
|
||
|
34D0000
|
heap
|
page read and write
|
||
|
21B3AA6C000
|
heap
|
page read and write
|
||
|
1CA4DE9E000
|
heap
|
page read and write
|
||
|
29C0000
|
heap
|
page read and write
|
||
|
1BD9083E000
|
heap
|
page read and write
|
||
|
2B14D490000
|
trusted library allocation
|
page read and write
|
||
|
7FFFE2E96000
|
unkown
|
page read and write
|
||
|
195B51A0000
|
trusted library allocation
|
page read and write
|
||
|
E6A4F7000
|
stack
|
page read and write
|
||
|
232EF85C000
|
heap
|
page read and write
|
||
|
1225F24F000
|
heap
|
page read and write
|
||
|
1CA533C0000
|
trusted library allocation
|
page read and write
|
||
|
D6DD2FF000
|
stack
|
page read and write
|
||
|
21B3AB13000
|
heap
|
page read and write
|
||
|
E6A6FD000
|
stack
|
page read and write
|
||
|
2C387A63000
|
heap
|
page read and write
|
||
|
195B3813000
|
heap
|
page read and write
|
||
|
2547FB4E000
|
heap
|
page read and write
|
||
|
2B14CC50000
|
heap
|
page read and write
|
||
|
7FFFE2E40000
|
unkown
|
page readonly
|
||
|
195B37D0000
|
remote allocation
|
page read and write
|
||
|
2B14D792000
|
heap
|
page read and write
|
||
|
B270CF7000
|
stack
|
page read and write
|
||
|
232F0002000
|
trusted library allocation
|
page read and write
|
||
|
2783B800000
|
heap
|
page read and write
|
||
|
25E11002000
|
heap
|
page read and write
|
||
|
21B3A9F0000
|
heap
|
page read and write
|
||
|
1CA538FD000
|
heap
|
page read and write
|
||
|
195B3740000
|
trusted library allocation
|
page read and write
|
||
|
2547FB6D000
|
heap
|
page read and write
|
||
|
232EF5F0000
|
heap
|
page read and write
|
||
|
2C387A46000
|
heap
|
page read and write
|
||
|
2B14CCE4000
|
heap
|
page read and write
|
||
|
1225F255000
|
heap
|
page read and write
|
||
|
1225F380000
|
heap
|
page readonly
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
21B3AA02000
|
heap
|
page read and write
|
||
|
11DC000
|
heap
|
page read and write
|
||
|
FF5000
|
heap
|
page read and write
|
||
|
1CA5381C000
|
heap
|
page read and write
|
||
|
2059CD00000
|
trusted library allocation
|
page read and write
|
||
|
2C387A79000
|
heap
|
page read and write
|
||
|
61F117E000
|
stack
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
21B3AA00000
|
heap
|
page read and write
|
||
|
1CA4F370000
|
trusted library allocation
|
page read and write
|
||
|
11B3000
|
heap
|
page read and write
|
||
|
2B14D784000
|
heap
|
page read and write
|
||
|
D24BD7E000
|
stack
|
page read and write
|
||
|
1CA4DF02000
|
heap
|
page read and write
|
||
|
D24B75E000
|
stack
|
page read and write
|
||
|
2511D2B6000
|
heap
|
page read and write
|
||
|
2B14D784000
|
heap
|
page read and write
|
||
|
25E1104B000
|
heap
|
page read and write
|
||
|
1BD90813000
|
heap
|
page read and write
|
||
|
15DB3902000
|
heap
|
page read and write
|
||
|
B27107D000
|
stack
|
page read and write
|
||
|
2C387A53000
|
heap
|
page read and write
|
There are 806 hidden memdumps, click here to show them.